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Apparatus and method for reproducing user data 



user data 

stored in encrypted form on a recording medium as well as to an integrated circuit for use in 
such an apparatus or method. The invention refers particularly to the protection of 
information stored on removable recording media, such as video data on a DVD. 
5 If user data, e. g. video data, audio data, software or application data, ia stored 

on a removable recording medium in encrypted form it is most often, required that an 
authorized application can read and use said usee data, if allowed, from such removable 
recoiding media wilhont tb* need to retri 

as the internet Hence, the deayption key has to be stored on tbe medium together wim me 
10 encrypted user data. 



However, the decryption key has to be hidden from an unauthorized access. 
Known techniques for hiding the decryption key are the use of a media-key-block with 
15 secrete pkyar keys which are, rbrn^^ 

(CSS) and in Content Protection for Recordable Media (CPRM). Another method for hiding 
to deayption key b electron 

from US 6, 1 57,606. Therein a master key is used for encrypting main data in a pit-width 
diiection by changing a light amount afa laser beam to then ie«wd ft <m an op^ 
20 medium. 

In the current protection systems, such as CSS and CPRM, the calculation of 
the decryption key is performed aside an authorized PC appbeat^ 
unit of a PC. These authorized applications contata protection inecbani^ 
extraction of secrets, such as player keys needed for media-key-block calculation, and against 
25 any modification of the behaviour of the application, such as providing any protected data in 
the clear to other applications. These protection mechanisms for PC software applications 
are,hcjwever ( knowntobeweakandto 

applicatiou unit is tampered with by hackers, it could be changed such that it provides the 
hacker with the decryption key of the jmneoted user data. The hacker womd now be ^ 
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extract and publish 4e decryption keys of many published recording media which would 
allow other hackers to get easy access to the protected user date using unauthorized 



30 



This is a serious security problenL The illegal distribution of decryption keys does potentially 
5 produce more damage than the illegal distribution of protected user data in the clear because 
the protected user data includes a large amount of data, usually many megabytes, and is 
therefore time-consuming. In contrast, the decryption keys include only a small amount of 
data, usually not much more than one kilobyte, and can be distributed quickly and widely. 

10 

It is therefore an object of the present invention to provide an apparatus and a 
method for reproducing user data stored in encrypted form on a recording medium which 
provide a higher level of protection, in particular of the decryption key, against theft through 
hacking of a PC application and/or application unit This object is achieved by providing an 
IS apparatus as claimed in claim 1, 
-means for leading user data and k 

- an integrated unit including 

- means for calculating a decryption key using said key data, 

- means for decrypting user data read from Baid recording medium using 
20 said calculated decryption toy, and 

- means for rc-enoyptiag said decrypted data using a re-encryption key, 

- means for transmitting said re-encrypted data 
unity and 

- an application unit for decrypting said re^oy^ re-encryption key and 
25 for reproducing the decrypted data. 

This obj ect is forther achieved by a corresponding method as claimed in claim 
8. An integrated unhfbr use in such an app 
9 comprises: 

- means for calculating a decryption key usfaig toy date read fora said 

- means for decrypting user date read ftom said record^ 
decryption key, and 

-means for re-encrypting sa^^ 
encrypted data for being transmitted to an appUcation 
date using said re-encry^^ 
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The present invention is based on the idea to oxcr^ and to re^ncryrt to user 
data read fiom the recording medium inside an integrated unhmttedihe and not, as usually, 
inside an application unit using a PC application. Such an integrated unit is much more 
difficult to hack compared to an application unit, and thus provides an improved protection 
5 for the decryption key. In addition, the calculation of the decryption key used for decrypting 
the user date and tto calculaaon of a ie-enc^ 
user date are also performed inside the integrated unit v^ch even more 
of the decryption key. The decryption key thus never leaves the integrated unit, neither in 
encrypted form nor in decrypted form. Furth«, the decrypted uswda^ 
decryr^onaiMire-enciy^ 
higher level protection against hacking of user data. 

In order to enable the application unit to decrypt aai then to reproduce the 
user dateprovided tromfoe uttegutt^u^ 
any data for calculate ^ 

Ihb cant* done by dirh^ineto 
the re-encryption toy over a secure au^ 
theappHcattonunkAkanatrve^ 
this purpose. 

Preferred embodiments of the hrvention are inctaded mite 
ItabaDbemuierstDodtha^ 1, themes as claimed i 

claim 7 and ttw integrated cir^ 
have identical or similar embodiments. 

Preferably, said irrtegratedu^ 
media and said drive unit as well as said application unit are included to 
PC- ft is further tarferredth^ 
particular a disc, vdrich may be «co^ 
DVT> storing air/ kind of lis* 
comparable medium, e.g. a solid state memory card. 

m a still farther preferred enuwd^n^themtegtate^ 
integrated circuit vAich can nrfeaaUyte backed from o 
mayalsotenndwstoc^asanofoOT 
such an integrated ccn^Kment is found to 

iinplemented partly in hardware and partly in firmware, e.g. reHmcrypuon key generation 
nnr/bcimplementodmfirnrwum 



[in 
lean 



20091 3A30B 1Qif03ft Whh Seiwa P. &L. 81354701911 NO. 7357 P. 24/45 

WO 03/009283 PCT/IB02/02548 

4 

the re-encryption key will also be present in the application unit which is a less secure 
environment that such an integrated component like an optical drive unit 

5 The invention will now be explained in more detail with reference to the figure 

which shows a block diagram of a reproducing apparatus according to the invention. 

Therein a pe rson al computer 1 is shown comprising a drive unit 2 and an 

10 appHcaticnunft3.Ifauseruxtendsto 

like a DVD-ROM, e. g.to replay video data stored in a DVD in MPEG-fbnnat, the medium 4 
is inserted into fee drive 2 wherein said user data and key data are read by reading means 5. It 
should be noted that bom the user data and the key data are stored on the medinm 4 in 
encrypted fonn. It should farther be noted that u^ are difemit ways of emayptiiig user 

15 dam and key data for storing it on recording med^ 
invention which particular way is used. 

The read data are then input into an integrated unit 6, which is preferably 
realized by an integrated circuit (IC) CTanpnsing different means for calculating irayg and f OT 
decrypting arxire-eucrypu^ 

20 calOTlathmimit7usingt 

key DKw required fwd«tfyptb^ 

decryption umt 8. This decryption key DK. is identical to an encryption key which has been 
used for encrypting the user data before storing it on foe medium 4 or is a ecarespending key 
to this encryption key. 

25 After decryption the user data shall he re-encirypted mare-encryption unit 10 

iristeadofoulrHitringto 

since such a transmission of user data in die clear wet alms is not very secure and ^ves 
backers an opportunity to read and copy the user data. 

The re-encryption key RK used for re-encrypting the user data is also 
30 calculartd inside the mtegrate^ Since this re- 

encryptionkey RK has also to be known to the appkcau\m unit 3 m order to decr^ 
data therein, a secure authenticated channel 17, 18 between the drive unit 2 and the 
apphcatiou unit 3 is established. To authorize the application running on tire application unit 
3 its public key is certified by a certification authority 1 5. 
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If the application is thus authorized a corresponding indication thereof, in 
particular a public key of the application is transmitted from the application unit 3 to the 
drive 2, m particular, to the key calculation unit 9 of the integrated unit 6. The key calculation 
unit 9 may then authorize the application by checking the certificate of the public key 
5 application with a public key hcensing authority 14 and by checking if the application 
possesses the corresponding private key which is part of the SAC functionality. 

After final authorization of the application the encrypted re-encryption key RK 
or any after data relating to the re-encryption key are transmitted from the key calculation 
unit 9 to the key calculation unit 1 1 of the application unit 3 via transmission line 18. The key 
10 calculation unh 11 is thus able to calculate u^^ 

unit 12 can decrypt the re-encrypted user data provided via transmission line 16. It should be 
noted that the tr an s mi ssion lines 16, 17 and 18 are included in hie PC bus of the computer 1. 

After decrypting the user data in decryption unit 12 it can be completely 
reproduced and rendered for playback by render umt 13. 
15 The invention thus provides a high level of protection against theft of user data 

and/or of decryption keys used for 

medium. Neimer the user data nor the decryptira keys are transmitted om 

computer or are existent outside of the integrated unit in the clear. It is thus not possible to 

retrieve tee decryption key by hackn^ 
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CLAIMS: 



L Apparatus for reproducing user data stored in encrypted form on a recording 

medium, comprising: 

- means for reading user data and key data from said recording medium, 

- an integrated unit including 

5 - means fox calculating a decryption key using said key data, 

- means for decrypting user data read from said recording medium using 
said calculated decryption key, and 

- means for re-encrypting said decrypted data using a re-encryption key, 

- means ffa transmitting sajdre-oncryptBd data from said integrated unit to an application 
10 unity and 

- an application curt for decrypting said re-encrypted data using said re-encryption key and 
for reproducing the dcciypted data. 

2. Apparatus according to claim 1 , wherein said integrated unit and/or said 

IS application unit comprises means for calculating said re-encryption key. 

3* Apparatus according to claim 1 , farther comprising public key cryptography 

means for exchanging information on said re-encryption key, 

20 4. Apparatus according to claim 3, wherein said public key cryptography means 

are employed to set up a secure authenticated channel for transmitting Baid re-encryption key 
from said integrated unit to said application unit 

5- Apparatus according to claim 1, wherein said integrated unit is included in a 

25 drive unit for reading recording medm application unit 

arc included in a computer. 



6* Apparatus according to cl aim 1 , wherein said recording medium is an optical 

recording medium, in particular a CD or a DVD. 
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7. Apparatus according to claim l,wbcrem 

circuit. 

5 8. Method for reproducing user data stored in encrypted form on a recording 

medium, composing the steps of: 

-reading user data and key data from said recording medium, 

- Pedaling a decryption key using said key data, 

- decrypting user data read from said recording medium using said calculated decryption key, 
10 -re^cayptingsaMdeoy^^ 

wherein said calculation step* said decryption step and said rc-encryption step are carded 
out in an integrated unit, 

- tnmsm itting said rc-encryptod data from said integrated unit to an application unit, 

- decrypting said re-encrypted data using said re-encryption key in said application unit, and 
15 - reproducing the decrypted data. 

9. Integrated unit for use in an apparatus according to claim 1 for reprcKhiring 
user data stored in encrypted form on a recording medium, comprising- 

- means for calculating a decryption key using key data read from said recording medium, 
20 - means for decrypting user data read from said recording medium using said calculated 

decryption key, and 

-means for rc-enerypting said decrypted data using a re-encry^ 
encrypted data for being transmitted to an appUcationu^ 
data using said re-encryption key and for reproducing the decrypted data. 

25 

10. Integrated unhacc(Mdi^ 
integrated circuit 
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g (57) Abstract: The invention relates to an apparatus and a method for reproducing user data stored in encrypted form on a recording 
q medium. In order to provide a higher level of protection against hacking of user data and, in particular, of decryption keys, which 

8^ are us«d for ercryptJng said user data and which are also stored on the recording medium, an apparatus is proposed according to the 
invention, comprising:- means for reading user data and key data from said recording medium. - an integrated unit including- means 
for calculating a decryption key using said key data, - means for decrypting user data read from said recording medium nsing said 
O calculated decryption key, and - means for rwncrypting said decrypted data using a re -encryption key,- means for trammitting said 
re-encrypted data from said integraxad unit to an application unit, and- an application unit for decrypting said re-enoypced data using 
^ said re-crxryption key and for reproducing the decrypted data. 



2009$ 3830B 101*049 jWMa Seiwa P. &L 8 1 35470 191 1- 



-N0.7357— P. 30/45-1 



PCT/iD 02/02548 



A. CLASSMCATION 0* SUBJECT UATTtA 

IPC 7 G11B20/00 








ft RU98IARCHEP 


Mnkflum ooountonfntfon Msrohed (ciusifluftioti tyttBffi totouwd by oMntftoatiDfi cymbote) 

IPC 7 611B 


OocumsfMBon soarchod othor ttan mfeAnm docoRNnUtan U> Hie extent thflt such documents bib indu 


fled inmefMdtaeaflhod 



Etwlfontodgta boss oo no u n od during tho wtmailooAJ soajth (nam* of cttt bm and. whora practical fcojchtonra used) 

EP<Mnternal, WPI Data, PAJ, INSPEC 



fc DOCUMENTS 



TO BE HELEVAMT 



Category* CSatton t* 



utoi ftdtatfon, wtMfB appropriate, of tho rctevort 



NO. 



EP 0 978 839 A (HEWLETT PACKARD CO) 
9 February 2000 (2000-02-09) 
* page 3 - page 4 * 
abstract; figure 1 



BRUCE SCHNEIER: 
Second Edition" 
1996 , JOHN WILEY & SONS 

* page 48 * 

* page 174 • 
page 185 -page 187 



Applied Cryptography 

USA XP002236172 



1-10 



1-10 



□ 



•ft fatal In to conflnuifiori of box (X 



0 



* Bpodai catoportoi of cBad doomrnnto : 

"A - dacM^<tt ^l^gy^<^o>th> artthfchbnot 
oonaMandto be of p 



of prtofty date a nd not to oo nfOrt wEtt tho pt tf padojibut 
clad to uixJtiilflnd the prtn dp te qrtbopiy ikido/tyiigfro 



■P osriorofeoumrtitfptteMooQrafwtfw i 

v San 

cMfenof other opootaJflM&oti (m opaclfed) 
■CT dooiT^rateCTf>gw»<>r^ < 

ipdortotte 



oonnot to oon atdsrad novel Of Cinoot bo conildarod to 
Iworvo an tivantvo atop whan tho dooumontto tafgaosJane 
«Y* dpaanwl o f psrtgulor rctewmoa; the ctoiftod invwibo 
cannot b# ocmMortd to iwtvo en frNMttai atop wrtan Jh© 
docun)*nt ii c ona at B ad <flf> ono of m o w otftar weft docu- 
ments, Mich oo w bl n alion being obvtMta to n parson otftad 
In ©wart 

*A" document fnorapcr of (h© satno potoMfMty 



26 March 2003 



Data of mattno. of Vw tnttrncBonat saaoch raped 

09/04/2003 



Nana and rnaBnfl «d*esB of the BA 

EMrgpttn Pant* aa», p.a sens Pettrttaw z 

Toi (4«1-70) d43-efia 7X. 31 691 opo rl 

RBC 1*31-70} 3*0-8016 



San M1lUn Maeso, J 



Fom POTA8A/210 (iQoan rtth aa P (**/ 1008} 



2009? 3A30B 10*04! iNt-^Ms Seiwa P.M. 81354701911 



NO. 7357 — P. 31/45-1 



PCT/fB 02/02548 



Patent document 
cited In oBwch report 


Publication 
date 


Patent famfly 
flfefflborta) 


Publication 
date 


EP 0978839 


A 


09-O2-200O 


us 


2002016919 Al 


07-02-2002 








DE 


69902078 Dl 


14-08-2002 








DE 


69902078 T2 


07-11-2002 








EP 


0978839 Al 


09-02-2000 








JP 


2000138664 A 


16-05-2000 



Pom Pcr/lttaio Wta* mm) th* unj 



20091 3B30B 10t|04ft 



WMs Sciwa P. 41. 8135470191 



166995 »gB:THHe 3B17fl 



NO. 7357 P. 32/45 



fMMf 



45H2 0 04-5 6 7 8 1 2 
¥#2l¥ 3£ 6B 

£ 45385S00 



